diff --git a/private/app.te b/private/app.te
index 33c51fc6eb6805afd10cfb0a33ee3e3abcf23ed9..3d30348739e9fdad7ea89d0ee3db73f5b9627868 100644
--- a/private/app.te
+++ b/private/app.te
@@ -138,10 +138,22 @@ allow appdomain shortcut_manager_icons:file { getattr read };
 # Read icon file (opened by system).
 allow appdomain icon_file:file { getattr read };
 
-# Write to /data/anr/traces.txt.
+# Old stack dumping scheme : append to a global trace file (/data/anr/traces.txt).
+#
+# TODO: All of these permissions except for anr_data_file:file append can be
+# withdrawn once we've switched to the new stack dumping mechanism, see b/32064548
+# and the rules below.
 allow appdomain anr_data_file:dir search;
 allow appdomain anr_data_file:file { open append };
 
+# New stack dumping scheme : request an output FD from tombstoned via a unix
+# domain socket.
+#
+# Allow apps to connect and write to the tombstoned java trace socket in
+# order to dump their traces.
+unix_socket_connect(appdomain, tombstoned_java_trace, tombstoned)
+allow appdomain tombstoned:fd use;
+
 # Allow apps to send dump information to dumpstate
 allow appdomain dumpstate:fd use;
 allow appdomain dumpstate:unix_stream_socket { read write getopt getattr shutdown };
diff --git a/private/file_contexts b/private/file_contexts
index 7384ce8a6b4c285d15e17f0f8267a4dc79dc923a..d211bd8d001ead3554274ebfb9722753250a0b1e 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -144,6 +144,7 @@
 /dev/socket/rild	u:object_r:rild_socket:s0
 /dev/socket/rild-debug	u:object_r:rild_debug_socket:s0
 /dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
+/dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
 /dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
 /dev/socket/uncrypt	u:object_r:uncrypt_socket:s0
 /dev/socket/vold	u:object_r:vold_socket:s0
diff --git a/private/system_server.te b/private/system_server.te
index 05e47734b75ceed759fb80756917cc40412ca602..06cf0aa6173be4520b345410288fcee8a100592d 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -330,9 +330,22 @@ allow system_server asec_apk_file:file create_file_perms;
 allow system_server asec_public_file:file create_file_perms;
 
 # Manage /data/anr.
+#
+# TODO: Some of these permissions can be withdrawn once we've switched to the
+# new stack dumping mechanism, see b/32064548 and the rules below. In particular,
+# the system_server should never need to create a new anr_data_file:file or write
+# to one, but it will still need to read and append to existing files.
 allow system_server anr_data_file:dir create_dir_perms;
 allow system_server anr_data_file:file create_file_perms;
 
+# New stack dumping scheme : request an output FD from tombstoned via a unix
+# domain socket.
+#
+# Allow system_server to connect and write to the tombstoned java trace socket in
+# order to dump its traces.
+unix_socket_connect(system_server, tombstoned_java_trace, tombstoned)
+allow system_server tombstoned:fd use;
+
 # Read /data/misc/incidents - only read. The fd will be sent over binder,
 # with no DAC access to it, for dropbox to read.
 allow system_server incident_data_file:file read;
diff --git a/public/domain.te b/public/domain.te
index 5a3853f447a21f5bfb841859dbde5ad873f40509..88cc6afa9ec2307b7b5556c603b2412ead000dae 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -769,14 +769,19 @@ neverallow {
   # Processes that can't exec crash_dump
   -mediacodec
   -mediaextractor
-} tombstoned:unix_stream_socket connectto;
+} tombstoned_crash_socket:unix_stream_socket connectto;
+
 neverallow {
   domain
   -crash_dump
   -mediacodec
   -mediaextractor
 } tombstoned_crash_socket:sock_file write;
+
+# Never allow anyone except dumpstate or the system server to connect or write to
+# the tombstoned intercept socket.
 neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:sock_file write;
+neverallow { domain -dumpstate -system_server } tombstoned_intercept_socket:unix_stream_socket connectto;
 
 # Android does not support System V IPCs.
 #
diff --git a/public/file.te b/public/file.te
index 057af41338ec236edbbb4c271a3471d75f3bcab3..ad978e856d74e61e310aad30404c4757f598be5e 100644
--- a/public/file.te
+++ b/public/file.te
@@ -271,6 +271,7 @@ type rild_debug_socket, file_type;
 type system_wpa_socket, file_type, coredomain_socket;
 type system_ndebug_socket, file_type, coredomain_socket, mlstrustedobject;
 type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
+type tombstoned_java_trace_socket, file_type, mlstrustedobject;
 type tombstoned_intercept_socket, file_type, coredomain_socket;
 type uncrypt_socket, file_type, coredomain_socket;
 type vold_socket, file_type, coredomain_socket;
diff --git a/public/tombstoned.te b/public/tombstoned.te
index 37243bb6661071f14915d9d47475399b232f5bc0..cf3ddcba9b8dda8e37449f98793f097efb48d516 100644
--- a/public/tombstoned.te
+++ b/public/tombstoned.te
@@ -10,8 +10,13 @@ allow tombstoned domain:dir r_dir_perms;
 allow tombstoned domain:file r_file_perms;
 allow tombstoned tombstone_data_file:dir rw_dir_perms;
 allow tombstoned tombstone_data_file:file create_file_perms;
-allow tombstoned anr_data_file:file { getattr append };
 
-# TODO: Find out why this is happening.
-allow tombstoned anr_data_file:file write;
-auditallow tombstoned anr_data_file:file write;
+# TODO: Remove append / write permissions. They were temporarily
+# granted due to a bug which appears to have been fixed.
+allow tombstoned anr_data_file:file { append write };
+auditallow tombstoned anr_data_file:file { append write };
+
+# Changes for the new stack dumping mechanism. Each trace goes into a
+# separate file, and these files are managed by tombstoned.
+allow tombstoned anr_data_file:dir rw_dir_perms;
+allow tombstoned anr_data_file:file { getattr open create };